diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 0dee1711..e87b7c35 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -121,9 +121,9 @@ class Adminer {
echo "
\n";
echo $this->loginFormField('driver', '' . lang('System') . ' | ', html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);") . "\n");
echo $this->loginFormField('server', ' |
---|
' . lang('Server') . ' | ', '' . "\n");
- echo $this->loginFormField('username', ' |
---|
' . lang('Username') . ' | ', '' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();"));
+ echo $this->loginFormField('username', ' |
---|
' . lang('Username') . ' | ', '' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();"));
echo $this->loginFormField('password', ' |
---|
' . lang('Password') . ' | ', '' . "\n");
- echo $this->loginFormField('db', ' |
---|
' . lang('Database') . ' | ', '' . "\n");
+ echo $this->loginFormField('db', ' |
---|
' . lang('Database') . ' | ', '' . "\n");
echo " |
---|
\n";
echo "\n";
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
@@ -968,13 +968,15 @@ class Adminer {
$servers) {
- foreach ($servers as $server => $usernames) {
- foreach ($usernames as $username => $password) {
- if ($password !== null) {
- $dbs = $_SESSION["db"][$vendor][$server][$username];
- foreach (($dbs ? array_keys($dbs) : array("")) as $db) {
- $output .= "
($drivers[$vendor]) " . h($username . ($server != "" ? "@" . $this->serverName($server) : "") . ($db != "" ? " - $db" : "")) . "\n";
+ if (isset( $_SESSION["pwds"])) {
+ foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
+ foreach ($servers as $server => $usernames) {
+ foreach ($usernames as $username => $password) {
+ if ($password !== null) {
+ $dbs = $_SESSION["db"][$vendor][$server][$username];
+ foreach (($dbs ? array_keys($dbs) : array("")) as $db) {
+ $output .= "($drivers[$vendor]) " . h($username . ($server != "" ? "@" . $this->serverName($server) : "") . ($db != "" ? " - $db" : "")) . "\n";
+ }
}
}
}
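Review bot: The added line `$dbs = $_SESSION["db"][$vendor][$server][$username];` still reads a nested session index with no isset() guard, so it can raise the same undefined-index notice this change removes for `$_SESSION["pwds"]`. Guard it the same way, e.g. `$dbs = (isset($_SESSION["db"][$vendor][$server][$username]) ? $_SESSION["db"][$vendor][$server][$username] : array());`. The `(array)` cast protects only the outer loop; `$servers` and `$usernames` are iterated as they come. The enclosing method starts and ends outside the hunk.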
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 8669351f..3183b51a 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -51,7 +51,7 @@ function check_invalid_login() {
}
}
-$auth = $_POST["auth"];
+$auth = (isset($_POST["auth"]) ? $_POST["auth"] : null);
if ($auth) {
session_regenerate_id(); // defense against session fixation
$vendor = $auth["driver"];
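Review bot: `$auth` is accepted whenever `$_POST["auth"]` is set, but the following lines index it as an array (`$auth["driver"]`), and a request can send `auth` as a plain string. Depending on the PHP version that produces a string-offset warning or an error, and it happens after `session_regenerate_id()` has already run. Check the shape at the boundary: `$auth = (isset($_POST["auth"]) && is_array($_POST["auth"]) ? $_POST["auth"] : null);`. The rest of the `if ($auth)` block is outside this hunk, and the keys it reads may need the same treatment.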
@@ -76,7 +76,7 @@ if ($auth) {
redirect(auth_url($vendor, $server, $username, $db));
}
-} elseif ($_POST["logout"] && (!$has_token || verify_token())) {
+} elseif (isset($_POST["logout"]) && $_POST["logout"] && (!$has_token || verify_token())) {
foreach (array("pwds", "db", "dbs", "queries") as $key) {
set_session($key, null);
}
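Review bot: `isset($_POST["logout"]) && $_POST["logout"]` spells out by hand what `!empty($_POST["logout"])` does in one call, with the same truthiness and no notice. The same pattern appears in the bootstrap.inc.php hunk for `HTTP_X_FORWARDED_PREFIX` and `HTTPS`; using `!empty()` in all three keeps the conditions short. The `elseif` chain starts outside this hunk.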
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 01a9d0b6..ef72d915 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -1,6 +1,7 @@
$_POST["signature"], "version" => $_POST["version"])));
@@ -46,10 +47,10 @@ if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility
if (!strpos($_SERVER["REQUEST_URI"], '?') && $_SERVER["QUERY_STRING"] != "") { // IIS 7 compatibility
$_SERVER["REQUEST_URI"] .= "?$_SERVER[QUERY_STRING]";
}
-if ($_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
+if (isset($_SERVER["HTTP_X_FORWARDED_PREFIX"]) && $_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
$_SERVER["REQUEST_URI"] = $_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["REQUEST_URI"];
}
-$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy
+$HTTPS = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
if (!defined("SID")) {
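Review bot: `HTTP_X_FORWARDED_PREFIX` comes from a request header and is prepended to `REQUEST_URI` unchanged; the added isset() silences the notice but does not restrict the value. Unless the reverse proxy always overwrites or strips this header, a client can choose the prefix, and whatever is later derived from `REQUEST_URI` (presumably generated links and redirects, not visible here) inherits it. Consider accepting only a path rooted at a single slash, e.g. `if (!empty($_SERVER["HTTP_X_FORWARDED_PREFIX"]) && preg_match('~^/[^/]~', $_SERVER["HTTP_X_FORWARDED_PREFIX"])) {`. A comment should also state that the header is trusted only behind a proxy that sets it.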
@@ -102,8 +103,16 @@ if ($adminer->operators === null) {
$adminer->operator_regexp = $operator_regexp;
}
-define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
-define("DB", $_GET["db"]); // for the sake of speed and size
+if (isset($_GET[DRIVER])) {
+ define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
+} else {
+ define("SERVER", "");
+}
+if (isset($_GET["db"])) {
+ define("DB", $_GET["db"]); // for the sake of speed and size
+} else {
+ define("DB", "");
+}
define("ME", preg_replace('~\?.*~', '', relative_uri()) . '?'
. (sid() ? SID . '&' : '')
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
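Review bot: Defining `SERVER` as `""` when `$_GET[DRIVER]` is absent changes the `SERVER !== null` test in the `ME` definition just below: it was false for a missing parameter and is now always true, so `ME` always carries `DRIVER . "="`. Keep the old null to preserve that branch, e.g. `define("SERVER", (isset($_GET[DRIVER]) ? $_GET[DRIVER] : null));`, or change the `ME` test to `SERVER != ""` if the empty string is intended. Any other `SERVER !== null` checks elsewhere in the code base would be affected the same way. The `define("ME", ...)` statement continues past the hunk.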
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 6565375a..37f17714 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -595,7 +595,10 @@ function stop_session($force = false) {
* @return mixed
*/
function &get_session($key) {
- return $_SESSION[$key][DRIVER][SERVER][$_GET["username"]];
+ if (isset($_GET["username"]) && isset($_SESSION[$key][DRIVER][SERVER][$_GET["username"]])) {
+ return $_SESSION[$key][DRIVER][SERVER][$_GET["username"]];
+ }
+ return null;
}
/** Set session variable for current server
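Review bot: `get_session()` is declared to return by reference (`function &get_session`), and the added `return null;` returns a literal, which PHP reports as "Only variable references should be returned by reference" and which gives the caller no link to the session slot. Before this change a missing entry was created on access, so callers that bind the result with `=&` and write through it (not visible in this hunk) would silently stop persisting data. Guarding only the key keeps the reference semantics: `$username = (isset($_GET["username"]) ? $_GET["username"] : "");` followed by `return $_SESSION[$key][DRIVER][SERVER][$username];`.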
@@ -630,7 +633,10 @@ function auth_url($vendor, $server, $username, $db = null) {
* @return bool
*/
function is_ajax() {
- return ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest");
+ if (isset($_SERVER["HTTP_X_REQUESTED_WITH"])) {
+ return ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest");
+ }
+ return false;
}
/** Send Location header and exit
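Review bot: The new body of `is_ajax()` can be one expression with a strict comparison, `return (isset($_SERVER["HTTP_X_REQUESTED_WITH"]) && $_SERVER["HTTP_X_REQUESTED_WITH"] === "XMLHttpRequest");`. The docblock would also benefit from a line stating that this header is set by the client, e.g. `* The header is client-supplied; use the result for response formatting only, not for access decisions.`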
diff --git a/adminer/include/lang.inc.php b/adminer/include/lang.inc.php
index 0122da6a..16f7f774 100644
--- a/adminer/include/lang.inc.php
+++ b/adminer/include/lang.inc.php
@@ -63,7 +63,7 @@ function get_lang() {
*/
function lang($idf, $number = null) {
global $LANG, $translations;
- $translation = ($translations[$idf] ? $translations[$idf] : $idf);
+ $translation = (isset($translations[$idf]) ? $translations[$idf] : $idf);
if (is_array($translation)) {
$pos = ($number == 1 ? 0
: ($LANG == 'cs' || $LANG == 'sk' ? ($number && $number < 5 ? 1 : 2) // different forms for 1, 2-4, other
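Review bot: Replacing the truthiness test with `isset($translations[$idf])` changes what `lang()` returns for an entry that exists but is empty: it used to fall back to `$idf` and now returns the empty string. If translation files can contain empty placeholders (not visible here), labels would render blank. `!empty($translations[$idf])` avoids the notice and keeps the original fallback. The function body continues outside the hunk.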
@@ -102,10 +102,10 @@ if (isset($_POST["lang"]) && verify_token()) { // $error not yet available
}
$LANG = "en";
-if (isset($langs[$_COOKIE["adminer_lang"]])) {
+if (isset($_COOKIE["adminer_lang"]) && isset($langs[$_COOKIE["adminer_lang"]])) {
cookie("adminer_lang", $_COOKIE["adminer_lang"]);
$LANG = $_COOKIE["adminer_lang"];
-} elseif (isset($langs[$_SESSION["lang"]])) {
+} elseif (isset($_SESSION["lang"]) && isset($langs[$_SESSION["lang"]])) {
$LANG = $_SESSION["lang"];
} else {
$accept_language = array();
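Review bot: `$_COOKIE["adminer_lang"]` is now checked for presence but not for type, and a cookie sent in array form reaches `isset($langs[...])` as an array offset. Depending on the PHP version that is a warning or a TypeError. Adding a type check, `if (isset($_COOKIE["adminer_lang"]) && is_string($_COOKIE["adminer_lang"]) && isset($langs[$_COOKIE["adminer_lang"]])) {`, keeps the lookup to scalar keys. The `else` branch continues outside the hunk.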